>On Jan 17, 2006, at 11:34 AM, Mark Baker wrote:
>
>>
>>In the HTTP binding part of the protocol[1], the advice as to whether
>>or not a URI serialization for the query is suitable is given as;
>>
>>"The GET binding should be used except in cases where the URL-encoded
>>query exceeds practicable limits, in which case the POST binding
>>should be used."
>>
>>Due to the considerations in the "security" section about possible
>>denial-of-service attacks, combined with the assumed "do no harm"
>>(safety) aspect of GET, I think it's quite reasonable for a service
>>provider not to expose potentially expensive queries via URI+GET.
>>
>>I still like the idea of a SHOULD-level requirement for using URIs
>>though, so perhaps something like this could be said;
>>
>>"The GET binding SHOULD be used except in the following cases, in
>>which case the POST binding SHOULD be used;
>>
>> o where the URL-encoded query exceeds practicable length limits
>> o where the cost of processing the query may be prohibitive (see
>>Section 3.1, "Security")"
>
>We just voted to publish a new LC protocol document. But I favor this patch,
+1
Pat
--
---------------------------------------------------------------------
IHMC (850)434 8903 or (650)494 3973 home
40 South Alcaniz St. (850)202 4416 office
Pensacola (850)202 4440 fax
FL 32502 (850)291 0667 cell
phayesAT-SIGNihmc.us http://www.ihmc.us/users/phayes